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-- The MAILING DATE of this communication appears on the cover sheet with the correspondence address - 
Period for Reply 



A SHORTENED STATUTORY PERIOD FOR REPLY IS SET TO EXPIRE 3 MONTH(S) FROM 
THE MAILING DATE OF THIS COMMUNICATION. 

- Extensions of time nnay be available under the provisions of 37 CFR 1.136(a). In no event, however, may a reply be timely filed 
after SIX (6) MONTHS from the mailing date of this communication. 

- If the period for reply specified above is less than thirty (30) days, a reply within the statutory minimum of thirty (30) days will be considered timely. 

- If NO period for reply is specified above, the maximum statutory period will apply and will expire SIX (6) MONTHS from the mailing date of this communication. 

- Failure to reply within the set or extended period for reply will, tiy statute, cause the application to become ABANDONED (35 U.S.C. § 1 33). 
Any reply received by the Office later than three months after the mailing date of this communication, even if timely filed, may reduce any 
earned patent term adjustment. See 37 CFR 1.704(b). 

Status 

1 )S Responsive to comnnunication(s) filed on 07 September 2004 . 
2a)M This action is FINAL. 2b)n This action is non-final. 

3) n Since this application is in condition for allowance except for fornnal matters, prosecution as to the merits is 

closed in accordance with the practice under Ex parte Quayle, 1935 CD. 1 1 , 453 O.G. 213. 

Disposition of Claims 

4) ^ Claim(s) 1-5 and 7-14 is/are pending in the application. 

4a) Of the above claim(s) is/are withdrawn from consideration. 

5) 0 Claim(s) is/are allowed. 

6) ^ Claim(s) 1-5 and 7-14 is/are rejected. 
?)□ Claim(s) is/are objected to. 

8) 0 Claim(s) are subject to restriction and/or election requirement. 

Application Papers 

9) D The specification is objected to by the Examiner. 

10)D The drawing(s) filed on is/are: a)D accepted or b)n objected to by the Examiner. 

Applicant may not request that any objection to the drawing{s) be held in abeyance. See 37 CFR 1 .85(a). 

Replacement drawing sheet(s) including the correction Is required if the drawing(s) Is objected to. See 37 CFR 1.121(d). 
1 1 )□ The oath or declaration is objected to by the Examiner. Note the attached Office Action or form PTO-1 52. 

Priority under 35 U.S.C. § 119 

12)0 Acknowledgment is made of a claim for foreign priority under 35 U.S.C. § 1 19(a)-(d) or (f). 
a)n All b)n Some * c)[J None of: 

1 .n Certified copies of the priority documents have been received. 

2. n Certified copies of the priority documents have been received in Application No. . 

3. n Copies of the certified copies of the priority documents have been received in this National Stage 

application from the International Bureau (PCT Rule 17.2(a)). 
* See the attached detailed Office action for a list of the certified copies not received. 
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Detailed Action 

1 . This action is responsive to communication: amendment filed on 

7 September 2004, the original application was filed on 15 January 2001, with acknowledgement 
of a foreign priority date of 12 May 2000. 

2. Due to amendment claims 1-5 and 7-14 are currently pending in this application. Claims 
1,7, 11, and 14 are independent claims. Claims 1-5 and 7-14 have been amended. Claim 6 has 
been canceled. The amendments to the claims are accepted. 

Response to Arguments 

3. Applicant's arguments filed 9 March 2004 have been fiilly considered but they are not 
persuasive. 

In response to applicants argument on page 10 "Thus, Denker ('053) fails to describe 
or suggest a mechanism for embedding an initial sequence number receiver side "with 
connection parameters specified in the SYN message". The Office disagrees '053 shows 
embedding an initial sequence number in col. 4, line 63 through col. 5, line 43 "This ACK 
message (in addition to the information required by standard TCP) includes the encoded value 
and repeats the client's requested options ... A counter associated with each address in the 
Friends Table can be used to keep track of the number of successful connections established". 

In response to applicant's argument on page 10, the reference does not describe 
"determining whether to establish a transmission control block for the client unit by 
evaluating an incremented value of the Initial Sequence number Receiver side included in 
the ACK message". The Office disagrees '053 show evaluating the incremented value in col. 5, 
lines 37-43 "A counter associated with each address in the Friends Table can be used to keep 
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track of the number of successful connections established as compared to the total number of 
connection requests from the client, and allow the server to expunge the client's address from the 
Friends Table if there are too many unsuccessful connection attempts". 

Claim Rejections - 35 USC § 102 

4. The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the 
basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless - 

(e) the invention was described in (1) an application for patent, published under section 122(b), by another filed 
in the United States before the invention by the applicant for patent or (2) a patent granted on an application for 
patent by another filed in the United States before the invention by the applicant for patent, except that an 
international application filed under the treaty defined in section 351(a) shall have the effects for purposes of this 
subsection of an application filed in the United States only if the international application designated the United 
States and was published under Article 21(2) of such treaty in the English language 

5. Claims 1-5 and 7-14 are rejected under 35 U.S.C. 102(e) as being anticipated by Denker 
U.S. Patent No. 5,958,053 (hereinafter '053). 

As to independent claim 1, "A method for defeating, in a server unit of an Internet 
Protocol network, a SYN flooding attack, said server unit running Transport Control 
Protocol to allow the establishment of one or more transmission control protocol 
connections with one or more client units, said method comprising the steps of: upon 
having activated the transmission control protocol in said server unit:" is taught in '053 col. 
4, lines 44-55; 

"listening for the receipt of a SYN message sent from a client unit" and "resuming 
to said listening step" is shown in col. 6, Hnes 59-60; 

"upon receiving said SYN message: computing an Initial Sequence number Receiver 
side; wherein said Initial Sequence number Receiver side is embedded with connection 
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parameters specified in the SYN message; responding to said client unit with a SYN-ACK 
message including said computed said Initial Sequence number Receiver side;" is disclosed 
in col. 4, line 58 through col. 5, line 43; 

"responsive to receiving an ACK message, determining whether to establish a 
transmission control block for the client unit by evaluating an incremented value of the 
Initial Sequence number Receiver side included in the ACK message" is shovra in '053 col. 
5, lines 37-43. 

As to dependent claim 2, "wherein the step of computing said Initial Sequence 
number Receiver side further includes the steps of: concatenating a randomly generated 
key with an identification of one of said transmission control protocol connections, said 
identification including: a client socket and a server socket; a server signature calculated 
by hashing said concatenation; and a concatenation of said server signature and a category 
index referring to a set of predefined transmission control protocol connection categories" 
is taught in '053 col. 7, lines 47-67. 

As to dependent claim 3, "wherein said computing step further comprises the steps 
of: updating, in said server unit, a pseudo-random number (PRN) generator; holding a 
current key; remembering a former key; and using said current key as said randomly 
generated key for said computed Initial Sequence number Receiver side" is shovra in '053 
col. 10, line 50 through col. 11, line 19. 

As to dependent claim 4, "wherein the step of concatenating said server signature 
and said category index further includes the step of picking up a category index within said 
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set of predeflned connection categories on the basis of the content of said received SYN 
message" is disclosed in 053 col. 7, lines 47-67. 

As to dependent claim 5, "wherein said updating step includes the step of: updating 
said PRN generator at a. rate not higher than an Maximum Segment Lifetime deflned in 
said transmission control protocol connections" is taught in '053 col. 7, lines 47-61. 

As to independent claim 7, "A method for defeating, in a server unit of an IP 
network, a SYN flooding attack, said method comprising the steps of:" is disclosed in '053 
col. 4, lines 33-54; 

"listening for an ACK message sent from a client unit" and "resuming said listening 
step" is taught in '053 col. 6, lines 59-60; 

"upon receiving said ACK message, evaluating a value of an Initial Sequence 
number Receiver side that includes content comprising embedded connection parameters 
specified in a previously received SYN message as an authentic computer Initial Sequence 
number Receiver side; and responsive to evaluating the value of the Initial Sequence 
Number Receiver side as an authentic computed Initial Sequence number Receiver side, 
allocating resources for a transmission control protocol connection according to said 
content; and" is shown in '053 col. 5, line 1-43. 
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As to dependent claim 8, "further including interpreting a category index extracted 
from said value of the Initial Sequence number Receiver side*' is taught in '053 col. 5, 
lines 1-43. 

As to dependent claim 9, "wherein the allocating step includes the step of: selecting 
a predefined set of parameters, for said transmission control protocol connection, on the 
basis of the category index" is shown in *053 col. 11, lines 25-50. 

As to dependent claim 10, "wherein the step of evaluating said Initial Sequence 
number Receiver side includes, upon receiving said ACK message, the steps of: having, 
firstly, selected a current key: getting said current key; concatenating said current key with 
an identification of said transmission control protocol connection" is disclosed in '053 col. 5, 
lines 1-43; 

"said identification including: a cHent socket and a server socket" is taught in '053 
col 7, lines 46-61; 

"hashing said concatenation of the current key and the identification, thus obtaining 
a re-computed server signature; extracting an acknowledgment field from said ACK 

message" is shown in '053 col. 9, lines 2-13; 

"decrementing content of said acknowledgement field; extracting a server signature 
from the decremented content; and" is disclosed in '053 col. 1 L lines 29-50; 

"comparing said re-computed server signature and said extracted server signature" 

is taught in '053 col. 9, lines 20-33. 

As to independent claim 11, this claim is directed to the computer program product of 
claim 1 and is rejected along the same rationale. 
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As to dependent claims 12 and 13, these claims contain substantially similar subject 
matter to claims 2 and 3 therefore they are rejected along the same rationale. 

As to independent claim 14, this claim is directed to the system of the method of claim 1 
and is rejected along the same rationale. 

Conclusion 

THIS ACTION IS MADE FINAL. AppHcant is reminded of the extension of time policy as 
set forth in 37 CFR 1.136(a). A shortened statutory period for reply to this final action is set to 
expire THREE MONTHS fi'om the mailing date of this action, hi the event a first reply is filed 
within TWO MONTHS of the mailing date of this final action and the advisory action is not 
mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened 
statutory period will expire on the date the advisory action is mailed, and any extension fee 
pursuant to 37 CFR 1.136(a) will be calculated fi'om the maiUng date of the advisory action, hi 
no event, however, will the statutory period for reply expire later than SIX MONTHS from the 
mailing date of this final action. 
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6. Any inquiry concerning this communication or earlier communications from the 

examiner should be directed to Ellen C Tran whose telephone number is 

(571) 272-3842. The examiner can normally be reached from 6:30 am to 3:30 pm. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's supervisor, 

Gregory A Morse can be reached on (571) 272-3838. The fax phone number for the 

organization where this application or proceeding is assigned is 703-872-9306. 

Information regarding the status of an application may be obtained from the Patent Application 

Information Retrieval (PAIR) system. Status information for published applications may be 

obtained from either Private PAIR or Public PAIR. Status information for unpublished 

applications is available through Private PAIR only. For more information about the PAIR 

system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private 

PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). 



Ellen Tran 
Patent Examiner 
Technology Center 2134 
13 January 2005 
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